AlmostGood

L2jorion is trash based on frozen, no bigger core reworks/fixes just tons of customs added LUL Do you have any screen from ingame errors? it could be possible to backtrack that exploit

at this point i wouldn't do that at all, fuck entitled freeloaders LUL

unix timestamp, https://www.epochconverter.com/

i mean, you call winsock legacy software, so im not surprised he didn't bother answering your braindead questions xD

its quite standard practice to sell software as lifetime, but only with X months of updates included, so these who would want to upgrade would be charged (often with discount as a returning person). But that needs to be said upfront, not after 1 year sell xD

or you could just use modern classic client for your h5 server and have: login rewards, daily missions and captcha system already built into the client instead of reinventing the wheel :D

i know it will be still simple, just breakpoint on http request to their license check endpoint and traceback nop'ing everything on the way. Java is fucked by design here, my point was they did absolutely 0 effort here :P but i support your topic, L2j was always trash not worth a penny

https://pastebin.com/embed_iframe/u97Z0wzY license code is 1 class in L2PCInstance, most of which is perfectly readable, string "encryption" in this form is just wasted effort as you can decrypt any value in runtime yourself, and that's if your ever needed to, here its some basic http check, basically you can trash most of it without even reading what it does xD

both of these didn't do anything to protect their "license system", i mean not a lot you can do with jars but at least obfuscate names so it takes longer than 10secs to find all "license" occurrences lmao

who even uses topsites in 2020, this shit is dead lmao

These efforts are long gone, i would call it guessing or made up random, everything will work just so "feature" can be listed in server specs to lure new wallets.

to avoid possible exploits, server should always first delete required items and then after making sure no errors occurred, give out output item at absolute end. Current off chronicles work like this on every action, in past it was random, some were correct other were wrong giving lots of way to abuse.

you need to realize L2 client doesn't implement real html rendering you know from web dev. Koreans simply picked something known and simple to build own parser, which has like 20 or so common tags and few hardcoded properties. With use of client textures and occasional updates that's all they needed. There is no DOM or any tree manipulations thus no CSS. If <font> tag happens to have "color" property that's only because L2 devs needed it there at some point. There are people who mastered use of whats L2 can display, but that comes with lot of ugly hacks and trial/error, whole thing is simply limited as fuck :D

i started to admire his determination in finding idiots who will believe in anything he tells them to the point of payment, that requires decent effort by itself.

they have dedicated firewall solutions which doesn't have such limits like VMware NSX, where you can filter traffic on the edge but even if you run on budget, its doable with 20 rules limit and some extra code because you only need to allow connection init, once its established/related it will pass firewall, so you could setup TTL for rules to expire after 10sec and add extra msg on game start about queue when your rules set is full :D to make it smoother, i would block manual auth with login/pass and use autologin + launcher passing login data in process args.

here we go again, whats the excuse this time? :D

use OVHs edge firewall and own rule set with default drop all, extend L2 client to calculate some math challange before login request is attempted, send result together with some hwid/ip to aws/gcp instance which will verify it and query OVHs firewall api to allow login. Mystery of application layer "100% DDos Protection" solved.

server doesn't matter here, client handle html displaying possible in GOD+ clients as these ship with embed chromium support and ingame browser window, in older trash clients it would require lot of work with client extending so can be safely assumed to never happen.

in most cases you will be able to tell what antibot is used by looking for non-L2 files in /system, also size of dsetup.dll (non modified should be ~60kb), unless its something less popular, then no luck as any file can be used. Traffic encryption will be done in same place of engine.dll but antibots will most often hook that function and do own stuff inside theirs dll, so you would need to reverse chunk of (often packed) antibot to find out how encryption works - unpractical, because knowledge required to do so will let you access packets easier, before encryption/after decryption takes place. Network mitm bots are doomed nowadays :D

did you really think any of these companies ever seen or touched any PFC codes users spends on them? :D when you are business you dont use customer-level products and go for B2B solutions/cooperation, that's completely another story and often out of reach if you are not big enough. In your case, look for payment gateway which includes paysafe, like G2A Pay and others

majority of antibots adds own custom traffic encryption, so your best solution will be running l2j server locally

ppl trying to gatekeep some old trash feature list are pathetic LUL nothing created back then in l2j would be remotely interesting/impressive nowadays, nostalgia is the only reason ppl like to look back.

by fast look on engine/core - doesn't seems KR made any command for that, but it could be done with client extension, if you dont mind paying i could make dll for that, pm

client is capable of doing that, but i don't think there is any simple way exposed to trigger reload manually dat's are loaded right after server select and client would trigger reload only after server type (classic/arena/live/etc) changed.

if these small squares are separated crests and its not single big one, it can be solved without OCRing, but yeah, both ways its shit captcha